Your antivirus scanner just popped up an alert letting you know that your computer has been infected with malware. How did this happen? You've been extra careful about not opening anything that looked suspicious, so how did this virus end up on your system?
There are many different avenues of attack that criminals use to load malware on your computer, let's look at some of the ways criminals trick you into unknowingly installing or allowing them to install malware onto your system:
1. Malicious Email Attachments and Web Links
One of the easiest methods criminals use to get you to install malware is the simple email. That innocent looking document you are about to open might actually be malware in disguise. When you click on the attachment, you basically execute the malicious payload contained within the file, which could result in malware being installed on your computer.
Links on websites may also harbor malware. Downloading software from untrusted sources can be a recipe for disaster. Malicious links may also be hidden within shortened URLs also known as short links. Check out our article: The Dangers of Short links for information on how to reveal the true destination of a shortened link.
Advice for Avoiding Malicious Email Attachments and Malware links: Make sure your anti-malware has the ability to scan incoming email to help avoid this type of threat. You should also be leery of clicking on links in email as they may be links to malware designed to take advantage of an unpatched security vulnerability present on your system.
2. Tech Support Scams
Another avenue of attack for criminals are the ever popular tech support phone scams. Also known as the 'Ammyy Scam'. These scammers call unsuspecting people over the phone using spoofed caller-ID information and convince victims to install a remote connection tool so that the scammers posing as tech support can "remotely fix the problem".
Instead of fixing a problem, the scammers use a remote administration tool such as the Ammyy Admin tool to help them install malware and steal your personal information. Victims are left with a compromised computer and often credit card charges amounting to hundreds of dollars.
Scareware or malicious software that is designed to trick you into buying something or installing something that could be potentially dangerous is also another vehicle for criminals to load malware on your computer
Why do they do this? What's in it for them? It's all about the money. There are malware affiliate marketing programs where criminals pay other criminals to infect computers. The participants make money based on the total number of computers they can infect with the malware.
Advice for Avoiding Scareware: Never install software that you haven't thoroughly researched. See our article on Scareware for more tips.
4. Clickjacking and Malicious Pop-up Windows
Pop-up windows can be used to confuse users by showing fake error messages that trick victims into installing software when no error really exists at all.
Clickjacking involves the deceptive practice of convincing users to click on something that they never intended to by using the web browser software's user interface elements such as transparent buttons.
Advice for Avoiding Clickjacking and Malicious Pop-ups: Check out our article on How to Avoid Clickjacking for full details on how to not get taken by this type of attack.